Checking the repository signing key

1. Repository signing key

Linux systems are usually configured to install the TSM client from the IT Services HFS repository. This is done by installing the ox-hfs-repo package which sets up the repository and installs a public signing key that is then used to confirm that packages installed from the repository come from a trusted source. (The repository or packages are signed with the corresponding private key). If you wish to confirm the key is correct after you have installed the ox-hfs-repo package then use one of the following procedures depending on what Linux variant you are using

2. Debian based systems, including Ubuntu

Issue the following command

apt-key finger | grep HFS -C 2

You should see :

pub   1024D/EF91DF05 2011-02-24
               Key fingerprint = 60AC EDB6 980E A06D 4879  9299 CDBD F30C EF91 DF05
               uid                  IT Services HFS Team (GPG signing key) <hfs@ox.ac.uk>
               sub   1024g/2EB4A12C 2011-02-24

Note that depending on when the key was first installed it may say OUCS instead of IT Services. If the key fingerprint does not match that shown above then contact hfs@ox.ac.uk for advice.

3. RPM based systems

Issue the following command

rpm -qi gpg-pubkey-ef91*

You should see something like the following output:

Name        : gpg-pubkey                   Relocations: (not relocatable)
Version     : ef91df05                          Vendor: (none)
Release     : 514092d6                      Build Date: Fri 24 May 2013 03:41:55 PM BST
Install Date: Fri 24 May 2013 03:41:55 PM BST      Build Host: localhost
Group       : Public Keys                   Source RPM: (none)
Size        : 0                                License: pubkey
Signature   : (none)
Summary     : gpg(IT Services HFS Team (GPG signing key) <hfs@ox.ac.uk>)
Description :
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: rpm-4.8.0 (NSS-3)

mQGiBE1mPrgRBADibg8ZFQrLqDSX7RVXEM7+6VUqJG/DdIQcKqI0DD6rDmbjLcuv
XiwTDfRaCkAgEXOMeLQ+X1me8CUJEtYWH1/HQGpBlE+7twyZNFtLXfLt8cUOc2e+
i+4WIH6Wo/Ww6rCiCDw6eKlIRCGlote8fLpAtaKJmPlHElnbEvRlVVixRwCgovSr
f5tqGYTAoCYIlldUx0noP9UEANoThe0YpO7ON7WU43ulRhT3qRmO7u06D5ZI497M
3Gfp+kpdPzAIjdbZMpKS/JxZ3ItrWHcqcVYbLNbQ2BX7gYdDgWPwHZIYdpgmi281
gezuuLX0vUHolOszPQvdY/lakC7SEEX+0OH8+CmywuYE9EaEoILexD5V1zUp4iAO
zrcQA/486/zI9f3EtFpYIILS3fPqG50jJZeMptHLh8H3tcUcDay7+V5JHZes2Kqo
Q9Kki6tsK4Wr6alUVgjIrzpjLU6T9tzKjS7H4aXxCO1+pN6qMI0U1nphj3YlcoPj
nFrfOoEm+OL/hznnzL/C17W7+obGBhqh3Y1CYAAAo6yMQ4Ry07Q1SVQgU2Vydmlj
ZXMgSEZTIFRlYW0gKEdQRyBzaWduaW5nIGtleSkgPGhmc0BveC5hYy51az6IYgQT
EQIAIgUCUUCS1gIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQzb3zDO+R
3wUSFACfXOVhg/Ey2pBd8gZtcEwbgbX19K4AoJgalJKf0KQ9puuLgyyeuVGW1oOR
uQENBE1mPrkQBAC1zmVaqpYZpj7cej5qWkM5y5MdXyblfRrqfFZSc1oKJb9zPejv
zUxIPntZloNkOlJCqnT3ZQTegTIMcL0schplaG4IFeQLpkLGFbuOVOWCbghe8Qtz
uMaPQw5D4d/SasFTJjQZfJ6pxP0k3zWaaqKZ+6s9B2VV1RUmXMxLMxooNwAFFwQA
ourf11y81fCifo3xc2LrIo5Aoer26TIl5jwJR4VwXyZaxgJOaASe/Eq1y4xE+hFr
zz6AGvSk6PrUGRyJbOlpDv9JeedjTNgxdD1awG+YyMuVooN/QKO+l48d/RPAA8+9
0/6QPzEIWh+M3CSD0YRu1lw23LU59NN99BEvA+F1ppaISQQYEQIACQUCTWY+uQIb
DAAKCRDNvfMM75HfBc7XAJoDHBEIxPY7+WpBZiC20grO8Mbg+ACeNwoEidRiQDes
/3ZeA2W5FYWlqcg=
=h2eC
-----END PGP PUBLIC KEY BLOCK-----

Note that depending on your version of rpm the layout may be slightly different. You should also expect the dates and possibly the rpm version values to be different. Depending on when the key was first installed it may say OUCS instead of IT Services. The important part is the PGP public key block but note that it may be broken into longer or shorter lines than the above. Taking that into account, if the key details do not match those shown above then contact hfs@ox.ac.uk for advice.

Written by IT Services. Latest revision 10 October 2014